Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2950 3 Centennial, Numara, Symantec 3 Discovery, Asset Manager, Discovery 2026-04-23 N/A
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
CVE-2007-3190 1 Jffnms 1 Just For Fun Network Management System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.
CVE-2007-2971 1 Greg Neustaetter 1 Gcards 2026-04-23 N/A
SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2006-7014 1 Bloggit 1 Bloggit 2026-04-23 N/A
admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request.
CVE-2007-3013 1 Activeweb 1 Contentserver 2026-04-23 N/A
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.
CVE-2007-1910 1 Microsoft 1 Word 2026-04-23 N/A
Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
CVE-2007-4667 1 Firebirdsql 1 Firebird 2026-04-23 N/A
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
CVE-2007-4069 1 Index Script 1 Index Script 2026-04-23 N/A
SQL injection vulnerability in show_cat.php in IndexScript 2.8 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2007-1921 1 Nullsoft 1 Winamp 2026-04-23 N/A
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.
CVE-2007-2989 1 Sun 1 Solaris 2026-04-23 N/A
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
CVE-2007-1929 1 Gna 1 Beryo 2026-04-23 N/A
Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter.
CVE-2007-1932 1 Scar4u 1 Scarnews 2026-04-23 N/A
Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter.
CVE-2007-2439 1 Caucho Technology 1 Resin 2026-04-23 N/A
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension.
CVE-2007-2441 1 Caucho Technology 1 Resin 2026-04-23 N/A
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.
CVE-2006-3436 1 Microsoft 1 .net Framework 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
CVE-2006-5150 1 Openbiblio 1 Openbiblio 2026-04-23 N/A
SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-2647 1 Monalbum 1 Monalbum 2026-04-23 N/A
Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter.
CVE-2007-3188 1 Geometrix Download Portal 1 Geometrix Download Portal 2026-04-23 N/A
SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-5318 1 Nayco 1 Jasmine 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter.
CVE-2007-1180 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.